MidnightBSD

Advisories for simple_exam_reviewer_management_system_project

CVE-2022-42197

In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
simple_exam_reviewer_management_system_project simple_exam_reviewer_management_system 1.0
CVE-2022-42198

In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
simple_exam_reviewer_management_system_project simple_exam_reviewer_management_system 1.0
CVE-2022-42199

Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
simple_exam_reviewer_management_system_project simple_exam_reviewer_management_system 1.0
CVE-2022-42200

Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
simple_exam_reviewer_management_system_project simple_exam_reviewer_management_system 1.0
CVE-2022-42201

Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
simple_exam_reviewer_management_system_project simple_exam_reviewer_management_system 1.0